package com.workspace.chb_website.config;

import com.workspace.chb_website.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.cors.CorsUtils;

/**
 * 总配置
 */

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final UserService userService;
    private final SuccessHandler successHandler;
    private final FailureHandler failureHandler;
    private final DeniedHandler deniedHandler;

    @Autowired
    public WebSecurityConfig(UserService userService,
                             SuccessHandler successHandler,
                             FailureHandler failureHandler,
                             DeniedHandler deniedHandler) {
        this.userService = userService;
        this.successHandler = successHandler;
        this.failureHandler = failureHandler;
        this.deniedHandler = deniedHandler;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //从数据库中获取用户信息
        auth.userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //解决跨域
        http.cors().and().authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll();
        //配置
        //应用自定义的配置
        http.authorizeRequests()
                //配置权限
                .antMatchers("/swagger*//**", "/v2/api-docs", "/webjars*//**").permitAll()
                .antMatchers("/debug", "/getAllImageSum").permitAll()
                //.anyRequest().permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/login_page")
                //成功处理方法
                .successHandler(successHandler)
                //失败处理方法
                .failureHandler(failureHandler)
                .loginProcessingUrl("/login")
                //前端传过来的用户名密码的参数名
                .usernameParameter("username").passwordParameter("password").permitAll()
                .and()
                .logout().permitAll()
                .and()
                //添加记住我功能
                .rememberMe()
                .tokenValiditySeconds(3600 * 24 * 14)
                .and()
                .sessionManagement()
                .invalidSessionUrl("/login_page")
                .and()
                .csrf().disable()
                .exceptionHandling()
                //权限不足处理方法
                .accessDeniedHandler(deniedHandler);
    }
}
